|
Thank you, USSN Staff
DISCLAIMERTHE INFORMATION CONTAINED IN THIS REPORT HAS BEEN ASSEMBLED FROM A VARIETY OF SOURCES AND IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. INFORMATION CONTAINED IN THIS REPORT IS PROVIDED AS RECEIVED AND DOES NOT CONSTITUTE AN ENDORSEMENT BY THE US SECURITY NETWORK, ANY MEMBER COMPANY, OR PARTICIPATING PUBLIC AGENCIES. INFORMATION MAY BE REPEATED, AS IT IS EXTRACTED EXACTLY AS PRESENTED BY THE ORIGINAL SOURCE
| ||
|
Banks in most major markets are moving towards smart cards, thanks to losses from counterfeit cards, which are rising. But in the United States, Australia, and Canada, credit and debit cards are long-established and fraud losses are relatively low. Bank One senior vice president Chris Conrad says that issuer fraud losses in the United States are only about 6 basis points, less than half that of the United Kingdom, and this difference is splitting the banking card world between smart cards and magnetic stripe. The speed of converting to chip cards will vary from nation to nation and region to region, and bankers will have to balance the cost of smart cards against fraud in cheaper cards and required changes in customer behavior. Some retailers may find that upgrading payment terminals so that they can accept chip cards will reduce fraud losses and merchant fees, while bank risk managers in nations that are keeping mag-stripe cards will watch smart card introductions elsewhere to see how the criminal element responds. In nations where fraud is low, converting does not make economic sense, but in nations where "skimming," or reproducing cards illegally, is common, real-time authorization is not always performed, and cross-border fraud is picking up. The United Kingdom is in the midst of converting to smart cards and is seeing a drop in fraud. Chip cards also have loopholes, but they are much smaller and harder to exploit xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Security improvements have come under closer scrutiny because utilities have been identified as prime targets for potential terrorist attacks. Utilities have three choices when it comes to security: no spending, pay for increased security through existing rate structure, or increase security and apply for rate increases at a general rate hearing. In order for a utility to successfully implement the third option, Ernst & Young recommend using its value of risk avoidance methodology. A company must first establish the potential impact a security breach could cause in order to measure security and necessary spending. Impact of such a breach would have to include tangible losses, such as productivity, suspension of services, and support and recovery costs. However, intangibles such as damage to reputation may be left out because they may result in overstated or understated assessments. Once a baseline financial-loss estimate is established, utilities should take four steps toward justification of security spending. A utility must understand the value at risk if there was a security breach, estimate possibility of a breach, evaluate net enterprise cost of ownership related to a potential security measure, and finally evaluate the improvement a specific security measure delivers. Overall security measures are being required to demonstrate a return on investment in order to be approved, and utilities have a significant responsibility to protect a business while using measures that are cost-effective and reliable. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Companies can defend themselves against allegations of discrimination or wrongful termination by thoroughly documenting disciplinary actions and employee performance reviews. Good documentation of this sort can help companies defend against lawsuits or even help get lawsuits dismissed before going to trial. The foundation of good documentation is a fair and consistent documentation policy, one that is effectively communicated to managers and other staff members via training and monitoring. Employers can be found guilty of discrimination even if they follow a lawful course of action in dismissing an employee, if the employee can prove in court that there was an ulterior motive behind the lawful action. To prove the underlying motive, it is necessary for an employee to show that a certain set of circumstances are met. These circumstances, as established in the case McDonnell Douglas v. Green (U.S. Supreme Court, 1973), include the employee providing evidence that they belong to a class of employee protected by federal statute. In addition, the employee must show that they have lived up to legitimate job expectations; that they do not deserve unfavorable treatment or do deserve favorable treatment; that they did or did not receive the appropriate treatment; and that similar employees who are not protected by the statute were treated in a more favorable manner. Irregularities in the documentation of performance evaluations can lead a court to rule that there is enough evidence for a case to proceed to trial. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The Health Insurance Portability and Accountability Act (HIPAA) is vague enough that many medical providers and personnel are restricting patient information too much. For example, emergency response teams are having difficulty locating residents in need of medical attention because 911 dispatchers have stopped using residents' names in their radio calls. Doctors, nurses, and other medical providers are angered by the 500 pages of regulations covering medical privacy, especially since interpretation has been left up to them, and it is unclear what the correct interpretation of the laws is. Doctors also note that poor communication has been the crux of medical errors for many years, and while medical privacy should be protected, most agree that patient safety should come first. According to U.S. Department of Health and Human Services representative Richard Campanelli, many providers have taken the privacy provisions too far, since some have stopped sending out appointment reminder cards to patients or refuse to provide information to family members or clergy about hospitalized patients. Campanelli insists the regulations are to protect privacy so long as quality of care if not impeded, and hospitals and doctors should be aware that informing family members about the basic condition of their patients is not in violation of HIPAA. Moreover, doctors and hospitals are allowed to share information with one another, family members, friends, or others identified by the patients as involved in their care; patients' names can be listed in hospital directories as long as they do not opt out; police and fire departments are allowed to release patient names and information about their accidents. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Workplaces are full of stress and bottled-up angst, especially with the terrorism, corporate scandals, and other tensions looming in the distance, as employers expect more productivity from fewer workers. Not only are employees affected by stressors in their work lives, but also in their personal lives, and many of those tensions can easily spill into the workplace. While minor arguments between employees can be healthy, workplace violence is a clear worry in today's society, but employers can implement procedures and programs to reduce worker stress and prevent outbreaks of violence. Employers should begin by forming executive committees to assess the current workplace environment, devise policies and procedures, establish hotlines or other forms of confidential data collection, create training programs for managers and staff members, employ screening practices for all new hires, improve layoff and termination processes to ensure employees do not become disgruntled, develop a crisis plan, and continually review and improve programs and processes. Risk management strategies for workplace violence should alert supervisors and others to employees with the potential for violence, and once supervisors are alerted, they should take immediate action--whether that entails firing the employee, advising the employee to seek counseling, or other options. Some telltale signs of potentially violent workers include increases in lateness or absences--leaving early or leaving without permission--employees that appear to become less skilled in their positions, dips in productivity or sustained drops in performance, and productivity output that resembles a roller coaster. Employers need to be aware and take action before workplace violence occurs or risk facing million-dollar jury awards from workers who are directly or indirectly affected by incidents that could have been prevented. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Homeland Security Secretary Tom Ridge said on Thursday that continued federal investments in security technology and government partnerships with the technology industry, if done correctly, will mean more freedom and collateral benefits for Americans, not less. "Homeland security is about building bridges to one another as we build barriers to terrorists," Ridge said during a lunchtime address before the CEO Forum of the Business Software Alliance. "The technological bridge is the most important," Ridge said, with homeland security fundamentally about sharing information. Ridge emphasized that the Homeland Security Department already has made significant contributions to U.S. security, with much due to advances in technology. He noted that before the Sept. 11, 2001, terrorist attacks, "if you wanted to board an airplane, an attendant asked you if you packed your bags. Today, we thoroughly check passengers and luggage for weapons. We've made great improvements. Flying commercial aviation today is far safer." xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Five trailers will be used as mobile evidence collection laboratories by the Nebraska State Patrol. The $100,000 needed to buy and outfit each trailer came from savings from job vacancies and other sources. The vans that were used as laboratories were too small and required investigators to bring equipment in their trunks. A device that can look at light frequencies to detect unseen blood spots and hair, digital cameras, fingerprint kits, and chemicals that make blood glow in the dark are among the features of the trailers. Sgt. Bob Frank says that Nebraska is reaching its goal of having the best science and technology available to improve crime scene investigations. Federal money will help pay for a mobile command post and a robot for defusing bombs. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
As of Oct. 1, banks, credit unions, securities firms, and other financial institutions are required to verify the identities of customers, maintain records of their information, and cross-check customer names with the government's known suspected terrorist lists in accordance with Section 326 of the USA Patriot Act. Banks and others in the industry have been given minimal authority to investigate consumers, and in certain cases, firms will be able to inquire about the source of an investor's funds. Critics are concerned that the investigations and queries will invade consumers' privacy, but banks claim that they are only increasing their due diligence procedures. The requirements only amplify the main goal of the act, which is to reduce terrorist money laundering. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Piracy in South-East Asia rose 37 percent in the first six months of 2003, and as more and more pirates board ships--stealing cash and products and kidnapping crew members--security experts grow more concerned about the ability of terrorists to do the same. Evidence is mounting that al-Qaeda members are learning how to dive, among other skills, which could point to future attacks by sea. Since the September 2001 terrorist attacks in the United States, oil tankers entering Boston harbor have been subjected to Coast Guard escorts and other screening processes. Moreover, U.S. citizens who have abused the mail and freight delivery systems have shown many experts that cargo security is not as foolproof as it should be. Meanwhile, the shipping industry is expected to pay $1.3 million in investments to improve security measures, and to continually spend about $730 million annually to maintain those improved systems, but critics are wondering if it will be enough. Critics have been quick to notice that guidelines that are supposed to have been established by the U.S. Bureau of Customs and Border Protection have yet to be created, and current criminal background screening procedures for cargo, shippers, and recipients is minimal at best. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Unresolved problems with spam, cybersecurity, and digital piracy were major topics of discussion at the Business Software Alliance's Global Tech Summit on Oct. 9, as were the near-future applications of radio-frequency identification (RFID) and wireless services. CEOs of technology companies proposed several solutions to the spread of unsolicited commercial email, including a bulk email tax and a "do not spam" registry, but spam filtering was still seen as not wholly reliable. Homeland Security Secretary Tom Ridge delivered a luncheon speech in which he stated that physical security and cybersecurity are key parts of U.S. infrastructure, and added that the IT industry plays a vital homeland security role as a disseminator of information. He called on the industry to help spread federal-level data to state and local authorities in order to build "a total situational awareness," but warned that U.S. security could be compromised by information's growing availability; he suggested that corporations be made to reveal the physical and cybersecurity measures they employ to shareholders and affected communities. Anti-piracy was another hot-button issue at the summit, with Adobe Systems CEO Bruce Chizen promising that the next edition of Photoshop will restrict the number of registrations per copy. Borland Software, meanwhile, requires customers to register and get a key from the company so that their software will work, and CEO Dale Fuller reported that the real piracy headache stems from people who acquire unauthorized software copies and sell them cheaply. Fuller also forecast that "Our kids will not know wired computers like we do today," while executives predicted that the near future will witness the incorporation of security into most applications, de facto wireless connectivity, RFID-enhanced inventory management, and continued strong feelings--and fighting--against spam. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Health and Human Services Secretary Tommy G. Thompson announced last Thursday two Food and Drug Administration regulations to bolster the safety and security of America's food supply. The new regulations will permit better, more targeted efforts to monitor and inspect imported foods and will allow quick identification and notification of food processors and other establishments involved in any deliberate or accidental contamination of food. By requiring advance notice for imported food shipments and registering domestic and foreign food facilities, we are providing critical new tools for the FDA to identify potentially dangerous foods and better keep our food supply safe and secure, Secretary Thompson affirmed.
| ||
|
Please forward your feedback to JIMKING@xxxxxxxx or call at (404) 525-9991. If you would like to subscribe to this publication please click here.
| ||